rpms/libreport
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Add patch for #1893595

Browse Source
This commit is contained in:
Matěj Grabovský 2020-11-03 16:36:34 +01:00
parent aa4f8872d7
commit d9b53bd182
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
0008-rhbz-Fix-a-double-free-condition.patch Normal file
View File

@ -0,0 +1,48 @@
From 6cd4fa7749b2de7a39b6bf22373b56d1c1be91d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Mon, 2 Nov 2020 11:45:23 +0100
Subject: [PATCH 1/2] rhbz: Fix a double-free condition
The `cc` string must not be freed after the variable goes out of scope
since it's appended to `cc_list`. (`g_list_append()` does not copy its
input.) We only need to free the last string in the loop, which is an
empty string.
The bug was introduced in 7aba6e53.
Resolves rhbz#1893595
---
src/plugins/rhbz.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/plugins/rhbz.c b/src/plugins/rhbz.c
index 25d30207..c2855a70 100644
--- a/src/plugins/rhbz.c
+++ b/src/plugins/rhbz.c
@@ -407,18 +407,20 @@ GList *rhbz_bug_cc(xmlrpc_value* result_xml)
if (!item)
continue;
- const char* cc = NULL;
- xmlrpc_read_string(&env, item, &cc);
+ char *cc = NULL;
+ xmlrpc_read_string(&env, item, (const char **)&cc);
xmlrpc_DECREF(item);
if (env.fault_occurred)
abrt_xmlrpc_die(&env);
if (*cc != '\0')
{
- cc_list = g_list_append(cc_list, (char*)cc);
+ cc_list = g_list_append(cc_list, cc);
log_debug("member on cc is %s", cc);
continue;
}
+
+ free(cc);
}
xmlrpc_DECREF(cc_member);
return cc_list;
--
2.26.2

6
libreport.spec
View File

@ -15,7 +15,7 @@
Summary: Generic library for reporting various problems Summary: Generic library for reporting various problems
Name: libreport Name: libreport
Version: 2.14.0 Version: 2.14.0
Release: 11%{?dist} Release: 12%{?dist}
License: GPLv2+ License: GPLv2+
URL: https://abrt.readthedocs.org/ URL: https://abrt.readthedocs.org/
Source: https://github.com/abrt/%{name}/archive/%{version}/%{name}-%{version}.tar.gz Source: https://github.com/abrt/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
@ -27,6 +27,7 @@ Patch3: 0004-gui-wizard-gtk-Fix-a-segfault-and-memory-leak.patch
Patch4: 0005-gui-wizard-gtk-Fix-segfault.patch Patch4: 0005-gui-wizard-gtk-Fix-segfault.patch
Patch5: 0006-event_config-Null-autofree-pointers-before-returning.patch Patch5: 0006-event_config-Null-autofree-pointers-before-returning.patch
Patch6: 0007-gui-wizard-gtk-Don-t-autofree-URL-string.patch Patch6: 0007-gui-wizard-gtk-Don-t-autofree-URL-string.patch
Patch7: 0008-rhbz-Fix-a-double-free-condition.patch
BuildRequires: %{dbus_devel} BuildRequires: %{dbus_devel}
BuildRequires: gtk3-devel BuildRequires: gtk3-devel
@ -667,6 +668,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Tue Nov 3 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-12
- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1893595
* Fri Oct 09 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-11 * Fri Oct 09 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-11
- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1882328 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1882328